
First I'd like to give thanks in advance to any and all who can assist me here, I'm having some serious trouble.

Just this evening I think I got infected with this fake malware scanner called AntiMalware GO. I read the topic of what to do before posting, but after I uninstalled an old version of Adobe Reader, I couldn't install the latest version, nor could I get critical Windows updates. The Adobe installer will get canceled, and every Windows page I try to view on Internet Explorer gets redirected to the AntiMalware GO website. I can't open my system info from the control panel because it just immediately closes.

I'm not sure whether or not to run the programs to get the logs, as I currently don't have Adobe Reader and I'm not sure if I have all the necessary Windows Updates.

Any help is much appreciated. I'm pretty frustrated at the moment, as it seems this stupid program has the control to exit out of everything I'm trying to do to get rid of it.

Careful now, AntiMalware GO is rogue software. For an explanation of this term you can consult e.g. Wikipedia. Whatever you do, do not buy a license for this program. If you already did, you have been scammed. In that case I suggest you contact your financial institution and see if you can revert the payment.

The first thing we are going to do is try and temporarily disable the rogue, to get rid of all the annoying popups and allow us to actually do something. For this we use RKill.

[ System Events ]

Error - 2/4/2011 8:44:59 PM | Computer Name = NATE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer MAC001FF3D1441C that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3B8B10B3-9D7. The master browser is stopping or an election is being forced.

Error - 2/4/2011 9:51:15 PM | Computer Name = NATE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer MAC001FF3D1441C that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3B8B10B3-9D7. The master browser is stopping or an election is being forced.

Error - 2/5/2011 2:34:34 AM | Computer Name = NATE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer MAC001FF3D1441C that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3B8B10B3-9D7. The master browser is stopping or an election is being forced.

Error - 2/5/2011 11:53:08 PM | Computer Name = NATE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer MAC001FF3D1441C that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AE7B0A6B-B36. The master browser is stopping or an election is being forced.

Error - 2/6/2011 5:11:40 AM | Computer Name = NATE | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed by -86372 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.27:123->207.46.232.182:123) is working properly.

Error - 2/7/2011 5:41:45 PM | Computer Name = NATE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer MAC001FF3D1441C that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AE7B0A6B-B36. The master browser is stopping or an election is being forced.

Error - 2/7/2011 11:15:08 PM | Computer Name = NATE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer MAC001FF3D1441C that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AE7B0A6B-B36. The master browser is stopping or an election is being forced.

Error - 2/8/2011 9:07:17 PM | Computer Name = NATE | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{AE7B0A6B-B368-4E63-A894-3B6A46B3C6F9} because another computer on the network has the same name. The server could not start.

Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.

If it asks to reboot the computer, allow it to reboot.

If the program freezes, and the computer fails to reboot - let me know.

Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

I see that you have P2P software installed on your machine (uTorrent). While file-sharing is a useful concept, P2P programs are mostly used for shady/illegal practices like software piracy, copyright infraction and malware distribution. You really do not want to contribute to illegal activities or find yourself victim of cybercriminals using P2P for spreading of their malware. I would strongly recommend that you uninstall all P2P software, however that choice is up to you. If you choose to remove these programs, you can do so via Start >> Control Panel >> Add or Remove Programs.

====================

I recommend you uninstall this program through Start >> Control Panel >> Add or Remove Programs: Viewpoint Media Player

It comes with AOL, is installed without your consent and is generally useless.

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeUpdater deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\arbxieuw deleted successfully.
C:\Documents and Settings\Nathan\Local Settings\Temp\obpktlkvi\kpvlqkehmof.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f10141d-a6e5-11dd-a14a-001d0955d951}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f10141d-a6e5-11dd-a14a-001d0955d951}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f10141d-a6e5-11dd-a14a-001d0955d951}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f10141d-a6e5-11dd-a14a-001d0955d951}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f10141d-a6e5-11dd-a14a-001d0955d951}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f10141d-a6e5-11dd-a14a-001d0955d951}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nATe.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85eda595-ca73-11de-a1c4-001d0955d951}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85eda595-ca73-11de-a1c4-001d0955d951}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85eda595-ca73-11de-a1c4-001d0955d951}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85eda595-ca73-11de-a1c4-001d0955d951}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85eda595-ca73-11de-a1c4-001d0955d951}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85eda595-ca73-11de-a1c4-001d0955d951}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL LIBLAbS-usER.exE not found.
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret ~[Filtered]~ in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
========== COMMANDS ==========

Nate, after rebooting your computer should run better now. Does it?

If you have problems connecting to internet, follow the next step. If internet works correctly you can skip the first of the next two steps.